Date post: 12-Jan-2015
Category: Technology
Upload: interop-mumbai-2009
SecureAppDelivery™
How to Bring Back Productivity with Secure Application Delivery
9/29/2009
Agenda
Enterprise Requirements for Access
− Differences between Mobile, non-Mobile users and partners
Application Delivery
− Problems and Solutions
− Key component technologies
Tying them all together
Summary
Enterprise Requirements
No information access, no productivity
Your Most Valuable Asset Business-Critical Processes
Who Needs Access?
Mobile Employees
− Corporate-issued laptops
− WAN speed
− Daily to constant remote access
− Small fraction of the corporate employee body
Non-Mobile Employees
− Non-corporate PCs at home
− Used to LAN speed
− Seldom to never remote access
− Large percentage of corporate employees
Partners
− Need to access certain applications
− Not trusted enough to put them on your network
− Have access solutions to partner networks but not to your network and your applications
Business Continuity
When disasters strike, can your employees have access to enterprise information so they can continue to provide services to your customers?
Harvard study: two-thirds of businesses surveyed could not maintain normal operations if half of their workers were out for two weeks.
Anatomy of Application Performance
Number of Hops matter
Distance matters, routing matters
Amount of traffic matters
Quality of network matters
− Congestion and Packet Loss
Number of people on the network matters
Type of applications in use on the network matters
Where they access from and what they access matters
Today’s Enterprise Workforce
Permanently Remote / Mobile Workforce
Non-Mobile Workforce
USER TYPE | REMOTE PC TYPE | NETWORK SPEED | ACCESS FREQUENCY
Remote or Mobile | Corporate | WAN | Daily to Constant
Non-Mobile | Non-Corporate | LAN | Never
Mobile Worker
Permanently Remote Employees (office at home or offsite)
Highly Mobile Employees (road warrior)
− Corporate-issued laptops, sometimes desktops
− Accustomed to WAN speeds
− Daily to constant access of corporate resources
− Small fraction of corporate employee body
USER TYPE | REMOTE PC TYPE | NETWORK SPEEDS | ACCESS FREQUENCY
Remote or Mobile | Corporate | WAN | Daily to Constant
Non-Mobile Workers
Deskbound Employees (situated in the office)
− Non-corporate PCs when working remotely
− Accustomed to LAN speeds
− Do not remotely access corporate resources
− Large percentage of corporate employee body
USER TYPE | REMOTE PC | NETWORK SPEEDS | ACCESS FREQUENCY
Campus Worker or Day Extender | None or Non-Corporate | LAN | Never
Business Continuity
− Allow extra users to log in seamlessly during emergencies
− No IT intervention required
− One-time license fee for small number of days
− Burst up to a pre-defined concurrent user count
DesktopDirect™: An illustration
1. Browse (https://mydesktop.arraynetworks.net)
2. Sign in
3. Click, automatically turn on the office PC if it is off
4. Work
Only 30kbps!!
Partner Access: Security Risk
Partner Network
Information to share
Information to protect
Your Network
SiteDirect™: Third Party Access
Partner Network
Information to share
Resource Publishing
Information to protect
Your Network
− IP conflict is resolved automatically
− SSL on port 443, No NAT/Firewall
− Only necessary resources are exposed
− User level control on remote site access
Application Delivery Problems and Solutions
Evolution of Application Delivery
Server Load Balancing
− directs traffic to healthiest server
Application Accelerator
− SSL offload
Application Delivery Controller
− connection multiplexing and application acceleration
Was primarily useful for websites
− before growing demand for web-based applications
Mature technology now delivers any application
− in production networks for over a decade
App Delivery Challenges
Server could be oversubscribed
− CPU, RAM, network interface overload
− Too many requests at once
− High amount of SSL traffic
− Too many connections to a single server
Server could stop responding
− Hardware failure
− Power outage
− Operating system crash
In-line devices could stop responding
− Hardware failure
− Power outage
− Other issue
Technology Overview
High Availability
− Server load balancing
− Device redundancy
− Global server load balancing
Application Acceleration
− Secure Sockets Layer offload
− TCP connection multiplexing
Best-Practice Security
− Application-level protection
High Availability
Server Load Balancing
Virtual IP Address
Real IP Address 1
Real IP Address 2
Real IP Address 3
Real IP Address 4
health checking
traffic flow
High Availability (One Data center)
Device Redundancy
Device A
Device A Active
Device A Maintenanced
Device A Replaced
Device A Active Again
Device B Active
High Availability (Multiple Sites)
GSLB
DNS
primary data center
backup data center
local health checking
global health checking
traffic flow
High Availability (Branch Office)
• Current Infrastructure
  • Costly 2 Mbps to 8 Mbps links shared by 100 to 300 people
  • Bandwidth per user less than 100 kbps, sometimes as low as 10 kbps
  • Some large offices with T3 or up to 100 Mbps
  • People working from home with 256 kbps broadband or higher
  • Lack of redundancy, susceptible to network failures
• Solutions
  • Link Loadbalancing
    • Combine multiple DSLs to improve overall throughput, performance & availability at lower cost
  • QoS / Priority Queueing / monitoring / filtering
  • WAN optimization / Acceleration
  • Compression & Caching
  • Data reduction / de-duplication
Acceleration (SSL)
SSL Offload
digital certificates
ssl encrypted
overload of end-to-end ssl sessions
unencrypted
Acceleration (Caching)
Caching offloads web server utilization by over 40%
Deliver content from memory cache
Acceleration (Compression)
Compression reduces bandwidth usage by 30%+
Compresses text, ppt on the fly
Acceleration (TCP)
Connection Multiplexing reduces server conns by 100:1
3-way TCP handshake
too many TCP connections
open TCP connection
Best-Practice Network Security
Application-Level Protection
DoS attack
attacker
Best-Practice Network Security
Application-Level Protection
http://malformed_url
malformed URL attack
malformed URL dropped
attacker
App Delivery from the Cloud
Cloud: Virtualization And Scalability
Mobile employees
Non-mobile employees
Partners
Public or Private Networks
Data Center
− Applications
− Desktops
− Resources to share with partners
• Many virtual portals
• Large number of concurrent users
• One URL among multiple data centers
• Supports real or virtual desktops
• Secure applications in the Cloud
Conceptual Architecture